package com.hsd.znsh.security.pc;

import com.hsd.znsh.code.ValidateCodeSecurityConfig;
import com.hsd.znsh.properties.SecurityProperties;
import com.hsd.znsh.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.session.*;
import org.springframework.security.web.session.ConcurrentSessionFilter;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;


@Component
public class PCSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {

	@Autowired
	private UserRepository userRepository;

	@Autowired
	private PasswordEncoder passwordEncoder;

	@Autowired
	private AuthenticationSuccessHandler myAuthenticationSuccessHandler;

	@Autowired
	private AuthenticationFailureHandler myAuthenticationFailureHandler;

	@Autowired
	private SessionRegistry sessionRegistry;


	@Override
	public void configure(HttpSecurity http) throws Exception {
		List<SessionAuthenticationStrategy> list=new ArrayList<>();
		list.add(new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry));
		list.add(new ChangeSessionIdAuthenticationStrategy());
		list.add(new RegisterSessionAuthenticationStrategy(sessionRegistry));
		CompositeSessionAuthenticationStrategy compositeSessionAuthenticationStrategy=new CompositeSessionAuthenticationStrategy(list);
		PCAuthenticationFilter pcAuthenticationFilter=new PCAuthenticationFilter();
		pcAuthenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
		pcAuthenticationFilter.setAuthenticationSuccessHandler(myAuthenticationSuccessHandler);
		pcAuthenticationFilter.setAuthenticationFailureHandler(myAuthenticationFailureHandler);
		pcAuthenticationFilter.setSessionAuthenticationStrategy(compositeSessionAuthenticationStrategy);


		PCAuthenticationProvider phoneAuthenticationProvider = new PCAuthenticationProvider();
		phoneAuthenticationProvider.setUserDetailsService(new PCUserDetailsService(userRepository));
		phoneAuthenticationProvider.setPasswordEncoder(passwordEncoder);

		http.authenticationProvider(phoneAuthenticationProvider)
				.addFilterBefore(pcAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

	}
	
}
